fluent-plugin-winevtlog 0.0.2 → 0.0.3
- checksums.yaml +4 -4
- data/fluent-plugin-winevtlog.gemspec +1 -1
- data/lib/fluent/plugin/in_winevtlog.rb +38 -34
- metadata +2 -2
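--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 238726bd6a49e60ad9e2f165ddbf87b351e0436d
+data.tar.gz: ba9b3af62d8460e2791a470a1f7fb2807be1f8c0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14da61cc1fa48009ec2e3bec9dce3dc4e5434b2bd628196fd025df8a9cb6f7df683cee73c641f1f836ee929484196c58f2e928f51ced102b3578c77f1f507929
+data.tar.gz: 9c5136757333abc4c15a322a790fdad842896300024acee918efdc972878d8f7a79a663d62dc9d7ab150fa82fdbfa42d55699cf6875b4e091f5ed54fb7460e3d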
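--- a/data/fluent-plugin-winevtlog.gemspec
+++ b/data/fluent-plugin-winevtlog.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "fluent-plugin-winevtlog"
-spec.version = "0.0.
+spec.version = "0.0.3"
 spec.authors = ["okahashi117"]
 spec.email = ["naruki_okahashi@jbat.co.jp"]
 spec.summary = %q{Input plugin to read windows event log.}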
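--- a/data/lib/fluent/plugin/in_winevtlog.rb
+++ b/data/lib/fluent/plugin/in_winevtlog.rb
@@ -20,26 +20,26 @@ module Fluent
 config_param :tag, :string
 config_param :read_interval, :time, :default => 2
 config_param :pos_file, :string, :default => nil
-config_param :
-config_param :
+config_param :channel, :string, :default => 'Application'
+config_param :key, :string, :default => ''
 config_param :read_from_head, :bool, :default => false
 
-attr_reader :
+attr_reader :chs
 
 def initialize
 super
-@
+@chs = []
 @keynames = []
 @tails = {}
 end
 
 def configure(conf)
 super
-@
-if @
-raise ConfigError, "winevtlog: '
+@chs = @channel.split(',').map {|ch| ch.strip.downcase }.uniq
+if @chs.empty?
+raise ConfigError, "winevtlog: 'channel' parameter is required on winevtlog input"
 end
-@keynames = @
+@keynames = @key.split(',').map {|k| k.strip }.uniq
 if @keynames.empty?
 @keynames = @@KEY_MAP.keys
 end
@@ -54,7 +54,7 @@ module Fluent
 @pf = PositionFile.parse(@pf_file)
 end
 @loop = Coolio::Loop.new
-start_watchers(@
+start_watchers(@chs)
 @thread = Thread.new(&method(:run))
 end
 
@@ -65,30 +65,30 @@ module Fluent
 @pf_file.close if @pf_file
 end
 
-def setup_wacther(
-wlw = WindowsLogWatcher.new(
+def setup_wacther(ch, pe)
+wlw = WindowsLogWatcher.new(ch, pe, &method(:receive_lines))
 wlw.attach(@loop)
 wlw
 end
 
-def start_watchers(
-
+def start_watchers(chs)
+chs.each { |ch|
 pe = nil
 if @pf
-pe = @pf[
+pe = @pf[ch]
 if @read_from_head && pe.read_num.zero?
-el = EventLog.open(
+el = EventLog.open(ch)
 pe.update(el.oldest_record_number-1,1)
 el.close
 end
 end
-@tails[
+@tails[ch] = setup_wacther(ch, pe)
 }
 end
 
-def stop_watchers(
-
-wlw = @tails.delete(
+def stop_watchers(chs, unwatched = false)
+chs.each { |ch|
+wlw = @tails.delete(ch)
 if wlw
 wlw.unwatched = unwatched
 close_watcher(wlw)
@@ -108,11 +108,13 @@ module Fluent
 $log.error_backtrace
 end
 
-def receive_lines(lines, pe)
+def receive_lines(ch, lines, pe)
 return if lines.empty?
 begin
 for r in lines
-h =
+h = {"channel" => ch}
+@keynames.each {|k| h[k]=r.send(@@KEY_MAP[k]).to_s}
+#h = Hash[@keynames.map {|k| [k, r.send(@@KEY_MAP[k]).to_s]}]
 Engine.emit(@tag, Engine.now, h)
 pe[1] +=1
 end
@@ -124,14 +126,14 @@ module Fluent
 
 
 class WindowsLogWatcher
-def initialize(
-@
+def initialize(ch, pe, &receive_lines)
+@ch = ch
 @pe = pe || MemoryPositionEntry.new
 @receive_lines = receive_lines
 @timer_trigger = TimerWatcher.new(1, true, &method(:on_notify))
 end
 
-attr_reader :
+attr_reader :ch
 attr_accessor :unwatched
 attr_accessor :pe
 
@@ -149,7 +151,7 @@ module Fluent
 end
 
 def on_notify
-el = EventLog.open(@
+el = EventLog.open(@ch)
 rl_sn = [el.oldest_record_number, el.total_records]
 pe_sn = [@pe.read_start, @pe.read_num]
 # if total_records is zero, oldest_record_number has no meaning.
@@ -170,7 +172,7 @@ module Fluent
 cur_end += 0xFFFFFFFF
 end
 
-if (cur_end
+if (cur_end < old_end)
 # something occured.
 @pe.update(rl_sn[0], rl_sn[1])
 return
@@ -179,8 +181,10 @@ module Fluent
 read_more = false
 begin
 numlines = cur_end - old_end
+
 winlogs = el.read(Windows::Constants::EVENTLOG_SEEK_READ | Windows::Constants::EVENTLOG_FORWARDS_READ, old_end + 1)
-@receive_lines.call(winlogs, pe_sn)
+@receive_lines.call(@ch, winlogs, pe_sn)
+
 @pe.update(pe_sn[0], pe_sn[1])
 old_end = pe_sn[0] + pe_sn[1] -1
 end while read_more
@@ -211,17 +215,17 @@ module Fluent
 @last_pos = last_pos
 end
 
-def [](
-if m = @map[
+def [](ch)
+if m = @map[ch]
 return m
 end
 @file.pos = @last_pos
-@file.write
+@file.write ch
 @file.write "\t"
 seek = @file.pos
 @file.write "00000000\t00000000\n"
 @last_pos = @file.pos
-@map[
+@map[ch] = FilePositionEntry.new(@file, seek)
 end
 
 # parsing file and rebuild mysself
@@ -232,10 +236,10 @@ module Fluent
 # check and get a matched line as m
 m = /^([^\t]+)\t([0-9a-fA-F]+)\t([0-9a-fA-F]+)/.match(line)
 next unless m
-
+ch = m[1]
 pos = m[2].to_i(16)
-seek = file.pos - line.bytesize +
-map[
+seek = file.pos - line.bytesize + ch.bytesize + 1
+map[ch] = FilePositionEntry.new(file, seek)
 }
 new(file, map, file.pos)
 end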
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-winevtlog
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- okahashi117
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-10-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|